Notice under art. 13 of Regulation (EC) 2016/679 of the European Parliament and of the Council
The Gals and the City, online magazine, hereby gives formal notice that, under art. 13 Regulation (EC) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (hereafter, the “European Regulation”), it requires the processing of certain personal data which are automatically collected or supplied through the browsing or use of the https://www.galsandthecity.com/ website (hereafter, “Website”).
This privacy notice, thus, concerns the Website only and not any other site, pages or on-line services which may be reached through any hypertext links displayed therein.
1. Data controller
Data Controller is Gals and the City Crew, tax code: 153043871 in person of its legal representative, whose domicile is in Greece, 11854, Athens (hereafter, “Gals and the City” or “Data Controller”).
2. Definition and type of processed personal data
In order to allow the use of the Website and of its services, the Data Controller requires to know and to process certain personal data of yours that will be collected by filling in and submitting the forms on the Website. Namely, when you browse on or you make any purchase on the Website, Gals and the City processes the following personal data (hereafter, jointly, “Services”):
– to purchase any product displayed on the Website: email, name, surname, address, telephone number, invoicing address;
– to receive our newsletter or commercial communications: the email address, name, surname, day and month of birth;
– to receive tailored marketing communications: email, name, surname, day and month of birth, as well as the number, type, value and regularity of the purchases of products made through the Website within a 12 months period;
– to receive the support services of the Call Center: the personal data which will be disclosed for providing the requested support;
– to sign up to the “my account” personal area: name, surname, email, password, day and month of birth.
As regards, on the other hand, the mere browsing of the Website, the types of processed data and the relevant specific information for the “cookies” are specified below.
The IT systems and the software procedures governing the operation of the Website acquire, during their ordinary operation, certain personal data, the transmission thereof is implied by the use of the Internet communication protocols.
This category of data includes the IP addresses or the domain names of the computers employed by the users who connect to the Website, the addresses in URI notation (Uniform Resource Identifier) of the requested resources, the time of the request, the method employed to forward the request to the server, the dimension of the reply file receive, the numerical code showing the status of the reply returned by the server (completed, error, etc.) and other parameters related to the operative system and the IT environment of the user.
These data, which are required for the use of the Website, are processed for the sole purpose of obtaining statistical information on the use of the services (most visited pages, number of visitors by hour or day, geographical area of origin, etc.) and to check the correct operation of the offered services.
The browsing data shall not be retained for more than seven days and are deleted immediately after their aggregation, unless any Court has any investigation requirement.
The Website uses the following types of cookies.
– Technical cookies
Technical (session or persistent cookies) are used, i.e. small text files containing a certain quantity of information exchanged between the Website and the terminal (or, better still, with the employed browser), which allow the correct operation and use thereof or a better Website experience. For example, they help us to locate the Store closest to you, learn and remember your preferences on the language of the Website. When you select a country and language in the splash page or via the IP geolocation, we save this information in the cookies for subsequent sessions. Cookies are also used to show/hide the newsletter subscription banner.
– Analytical cookies
– Profiling cookies
No cookies for profiling of users or other tracking methods are currently used.
– Third party cookies
Also certain third parties may install cookies on your device. We do not have any control on the use of third-party cookies and, therefore, we have no responsibility for their use. Third parties hold their own privacy notices and the data collection procedures. The list of the employed third party cookies is provided below:
Facebook – https://www.facebook.com/policies/cookies/
Instagram – https://help.instagram.com/1896641480634370
Pinterest – https://policy.pinterest.com/en/cookies
YouTube – https://policies.google.com/technologies/cookies
To withdraw the consent to these cookies, please refer to the following sites:
The provision of any cookie can be in any case disabled by working on the settings of your browser. Please note, however, that working on these settings may make the Website impossible to use in the case where the cookies which are required for the provision of our services are blocked. In any way, each browser has different settings for disabling cookies. The links to the instructions for the most common browsers are here: Apple Safari, Google Chrome, Microsoft Internet Explorer, Mozilla Firefox, Opera.
For more information on cookie of this Web Site, click here.
Any call to the Call Center numbers listed on the Website may imply the processing of the personal data of the calling person, in order to supply the services requested by the latter, such as, by way of example, the personal data required for the management of the return requests or after sale assistance.
Gals and the City, through its data processors, may also use certain third-party call centers, which operate, always in compliance with the legislation on privacy, under a specific service contract on behalf of the Data Controller, as data processors under art. 28 of the European Regulation.
3. Purposes of the processing and legal basis
The personal data which the Data Controller collects are only those provided upon browsing on the Website and during the use of their Services.
The personal data are processed for the following purposes:
A) Execute and perform the contract for the purchase of the goods offered through the Website. The provision of your personal data for this purpose is compulsory, in consideration of the fact that, in the case said data are not provided, Gals and the City would not be in the position to process your order and therefore you may not be able to purchase any our product.
The legal basis of the processing consists of the need to perform a contract in which you are one party and the need to meet any statutory requirement.
B) Allowing the signing up to the “Newsletter” or“Subscribe” personal area within the Website and the provision of the services reserved to registered users. The provision of your personal data for this purpose is optional. However, without said provision of data, it will be not possible to enjoy the convenience and all the services offered to your through the personal area.
The legal basis of the processing is the need to perform a contract to which you are a party.
C) Manage the requests submitted to the Call Center. The provision of your personal data for this purpose is optional. However, without said provision of data, Gals and the City will not be in the position to process the requests you may decide to submit to our Call Center.
The legal basis of the processing is the need to execute a contract to which you are a party.
D) Sending any trade and promotional communication containing business offers of products and services which are similar to the one you already purchased (“soft spam”) by using the email address provided at the moment of the previous purchase. The provision of your personal data for this purpose is in any case optional and you may object, at any time, to any further receipt of commercial or promotional communications by clicking on the unsubscribebutton contained in the emails received or by writing“ STOP ” to email@example.com .
The legal basis of the processing is the legitimate interest of the Data Controller to develop the relationship with its customers and increase the sales volumes of certain products for which you already expressed your interest.
E) Send business communications on our products and services by providing updates to you on any new event, new arrivals, the exclusive products, our offers and promotions. We may make such communications via our newsletter or by email. We may also process your data for market research, statistical analysis or other research to improve our products and services and for customer satisfaction analysis. The provision of your personal data for these commercial purposes is optional. However, without said provision of data, Gals and the City will not be in the position to keep you constantly updated on the offers and promotions which we reserve to our customers.
The legal basis of the processing is your explicit consent to the processing of the personal data. If you give your consent, you may revoke it at any time by clicking on the unsubscribe button contained in the emails or newsletters received or by writing to firstname.lastname@example.org .
F) Send marketing communications via email on our products and services, tailored on your purchase tastes and preferences. Such personalization will be carried out through the analysis – even in an automated form – of the number, type, value and regularity of the purchases of products through the Website within a 12 months period. The provision of your personal data for this purpose is optional. However, without said consent, Gals and the City will not be in the position to send you offers tailored on your tastes and preferences.
The legal basis of the processing is your explicit consent to the processing of the personal data. If you give your consent, you may revoke it at any time by writing to email@example.com
The personal data may be processed either through IT tools and on paper.
4. Personal data retention period
The Data Controller intends to store the personal data during a time frame that does not exceeds the time frame required for achieving the purposes for which the data were collected and processed.
In this perspective, according to the current regulatory provisions, including any accounting provision, Gals and the City will store your personal data collected following the sale of its product for not more than 10 years. Later, we will delete them or make them anonymous in a permanent and not reversible manner.
As regards the processing of your personal data for direct marketing purposes, if you granted your explicit consent thereto, according to the statutory requirements and the general Order, Gals and the City decides to delete your personal data processed for direct marketing purposes within 24 months from their collection. The data processed for profiling purposes, however, will be deleted within 12 months from their collection.
As regards the other personal data, in consideration of the fact that it is not possible to accurately establish the retention period of your personal data, the Data Controller hereby undertakes to inform the processing of your personal data to the adequacy, relevance and data minimization principles, as required under the European Regulation, by checking the need of their retention on a yearly basis. Therefore, once the purposes for which the data were collected and processed, we will remove them from our systems and records and/or we will adopt the appropriate measures for making them anonymous, so that you will not be identified.
All the above excepting the case where we will need to retain said data for meeting any statutory requirement, or assessing, exercising or defending any of our right before the Court.
5. Categories of recipients of the data
Any processed personal data shall not be disclosed to any third party. The following may become aware of your personal data for the processing purposes described above:
– the recipients who may access to the data under a statutory provision established by the legislation of the European Union or of the member state to which the Data Controller is subject;
– the recipients who carry out, within the borders of the European Union, in full autonomy, as distinct Data Controllers, or as Data Processors specifically appointed by Gals and the City, additional purposes to the activities and services listed in paragraph 3, or bank operators, internet providers, couriers and shippers, companies providing marketing services, companies which offer IT infrastructures and IT support and advisory services and also design and production of software and Internet sites, law firms, companies which offer any services seeking to customize and optimize our services, companies which offer data analysis and development services (including those regarding the interactions of the users with our services) service centres, companies or advisers appointed for providing further services to the Data controller within the limits of the purposes for which the data were collected;
– the issuing company of the credit card used by you, the suppliers of anti-fraud control services connected to the payment process and (if required) for the activation of the anti-fraud control procedure.
Furthermore, also our employed staff may be informed of your personal data, provided that they are previously appointed as persons acting under the authority of the Data Controller under art. 29 of the European Regulation or as System Administrator.
Any disclosure of your personal data will be performed in full compliance with the statutory provisions of the European Regulation and of the technical and organizational measures established by the Data Controller seeking to guarantee an appropriate safety level.
6. Transfer of personal data to third party countries
The processing of personal data is carried out entirely in Greece and in countries within the European Union.
In order to provide the Services, the Data Controller may transfer the personal data towards third party countries. In this case, we undertake to:
– assess that the country to which your personal data is transferred ensures an adequate level of protection, as established under article 45 of the European Regulation; or
– use the standard data protection clauses approved by the European Commission for the transfer of personal data outside the EEA (as approved under article 46.2 of the European Regulation); or
– assess, in the case where we transfer your personal data to the United States, that the third party is a member of the Privacy Shield.
7. Possible use of automated decision-making processes
Gals and the City does not use automated decision-making processes without your consent, this including the profiling referred to in article 22, paragraphs 1 and 4 of the European Regulation. If you consent to the profiling, the data you provide may be used to analyse or predict your tastes and preferences, for the purposes of customizing the content of marketing communications and offer only dedicated products and services tailored on your tastes and preferences.
In particular, the survey and analysis could cover the number, type, value and regularity of purchases of products made through the Website within a 12 months period.
Following such analysis, which could also be carried out in an automated form, the data subject may be classified into one or more groups with different characteristics and receive Gals and the City personalized communications that Gals and the City believes are tailored on tastes and preferences of the same. For example, if the data subject purchases, within a 12 months period, only certain types of product for a certain value (e.g. shoes with a cost of € 200) it is possible that the same will receive future marketing communications solely with reference to similar products in a similar price range. On the contrary, the data subject may not receive communications regarding other types of products (e.g. accessories) in case the same has not ever purchased bags in the 12 month period, since the system assumes that it is not a product of interest.
With reference to such data processing, Gals and the City has conducted a specific data protection impact assessment to ensure that profiling is carried out with neutrality, accuracy, efficiency and without harmful consequences for the data subject. It is possible for the data subject at any time to request a copy of a summary of such evaluation or to request clarification by writing to firstname.lastname@example.org
8. Rights of the data subject
As regards the processing of his/her personal data, pursuant to the European Regulation, the data subject is entitled to:
– withdraw his/her consent to the processing at any time. We must highlight, however, that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal, as established under art. 7, paragraph 3 of the European Regulation;
– obtain from the Data Controller access to his/her personal data under art. 15 of the European Regulation;
– obtain that the Data Controller rectifies and integrates the personal data deemed inaccurate, including by means of providing a supplementary statement, under art. 16 of the European Regulation;
– obtain from the controller the erasure of personal data concerning him or her where one of the grounds under art. 17 of the European Regulation applies;
– obtain from the controller the restriction of the processing of the personal data concerning him or her where one of the grounds under art. 18 of the European Regulation applies;
– receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format;
– request the Data Controller to transmit personal data to another controller without hindrance under art. 20 of European Regulation;
– object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including the profiling, based on those provisions, pursuant to art. 21 of the European Regulation;
– not be subjected to decisions based solely on automated data processing, including profiling, which could cause legal effects concerning the data subject, in case the same has not previously and explicitly provided consent, as set forth by art. 22 of the European Regulation; moreover, in relation to the automated processing, the data subject has the right to obtain human intervention from Gals and the City, as well as to express an opinion or contest the decision, as provided for by art. 22.3 of the European Regulation;
– lodge a complaint with a supervisory authority (art. 77) or right to an effective judicial remedy (79), if he or she believes that the processing breaches the European Regulation. The complaint may be lodged in the Member State where he or she has his or her habitual residence, works or where the alleged violation occurred.
In order to exercise each right thereof, you may contact the Data Controller in person of its legal representative, by sending a notice to the following email email@example.com by providing the following personal data:
– Name, surname and postal address;
– Details of the request;
– Purchase code;
– Photocopy of a valid ID document.
9. Consent of children concerning the information society services
It is explicitly forbidden that anyone under sixteen (16) years of age uses the services provided through the Website. By signing up or by purchasing on the Website you confirm that you reached the age of majority in your country of residence.